[tor-talk] Automatic vulnerability scanning of Tor Network?
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Fri Dec 23 10:13:33 UTC 2011
On 12/22/11 12:35 PM, Jacob Appelbaum wrote:
> I really appreciate that you're not working for people who wish to do
> the Tor network harm. Please do consider the concerns of people in this
> thread and weight your actions against those people. They too are trying
> to help the network, the project, and the users.
Yes, i agree, we can find a common point.
We just all need to move in the same direction, with conflicts and
constructive criticism, but in the same direction.
> Hopefully we'll all meet at CCC for a mate to discuss this in person!
Let's try to sketch down on a etterpad or trac ticket an idea on how to
implement something like this in order to:
- evaluating and pushing hardening of system/network security of Tor nodes
- avoid/mitigate alerts and risks for Tor Operators
That way we can try to match the needs perceived by all different
parties, balancing the risk/return of the initiative.
I'm gonna dump in this email a set of useful links collected during
browsing to do that.
We are probably not interested in Nessus & Metasploit AutoPwn, but it's
important to know that anyone can just aggregate everything into a chain
of automatic portscanning + vulnerability scanning + vulnerability
exploiting.
Python NMAP (A python library which helps in using nmap port scanner):
http://code.google.com/p/python-nmap/
Python NMAP XML Parsing Scripts (nmap xml to sqlite):
https://github.com/d1b/python-nmap-xml-output-parser
Plugin Spotlight: Import Nmap XML Results Into Nessus
http://blog.tenablesecurity.com/2009/08/plugin-spotlight-import-nmap-xml-results-into-nessus.html
MetaSploit AutoPwn Integration with Nessus:
http://www.defenceindepth.net/2009/11/metasploit-autopwn-hacking-made-simple.html
Tor NetworkScanner/ExitAuthority:
https://gitweb.torproject.org/torflow.git/tree/HEAD:/NetworkScanners/ExitAuthority
Scripts to extract exit-node, relays and their listening port:
https://gitweb.torproject.org/tor.git/tree/HEAD:/contrib
-naif
More information about the tor-talk
mailing list